On Tue, Feb 21, 2006, Martijn Moret wrote: > Hi all, > > A partner that we need to communicate with has a certificate signed by > globalsign. I downloaded the certificates from: > http://support.globalsign.net/en/serversign/server_faq_body.cfm > > When converting these to PEM and running them trough the openssl verify > command, i get the following error: > > # openssl verify Root.pem > Root.pem: /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA > error 18 at 0 depth lookup:self signed certificate > OK > > This is the same for the two intermediates. > > I tried this with the Verisign root CA and Intermediates, they are > verified OK: > # openssl verify verisign.pem > verisign.pem: OK > > Any hints?? >
That's because it isn't trusted. If you do: openssl verify -CAfile root.pem foo.pem where "foo.pem" is the root or intermediate CA it should work. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
